Authentication mode: VRRP supports none authentication, simple authentication, enhanced MD5 authentication, and enhanced HMAC-SHA256 authentication (applicable only to unicast VRRP).
Packet check: VRRP checks the VRRP group ID, checksum, TTL, version number, packet type, timer, number of virtual addresses, virtual address, and packet length.
System security policies:
Attack packet suppression: If a device receives more than 20 packets within a specified period of time or receives packets sent from the device itself, the device discards the packets.
A large number of valid VRRP packets are sent within a period of time to attack a device.
VRRP packets that do not meet packet check requirements in a VRRP security policy are constructed to attack a device.
Authentication mode: VRRP supports none authentication, simple authentication, MD5 authentication, and HMAC-SHA256 authentication (applicable only to unicast VRRP). In simple authentication, a password can be saved in simple text or ciphertext. In MD5 authentication and HMAC-SHA256 authentication, a password is saved in ciphertext by default.
Packet check: This function is supported by default and requires no additional configuration.
Authentication mode: To enhance protocol security, MD5 authentication is recommended for non-unicast VRRP, and HMAC-SHA256 authentication is recommended for unicast VRRP.